Pardon the Disruption: The Psychology of Security Culture

Pardon the Disruption: The Psychology of Security Culture (PDF, 1.74MB)
Last updated: 15 Aug, 2025
Presented by:
Molly McLain Sterling, Dr. Bob Hausmann & Katie Ostrom

Security isn’t just a tech problem—it’s a human problem. Trust, influence, and behavior drive security more than policies ever will.

In this high-energy, debate-style session, modeled after the popular sports TV show Pardon the Interruption, we’re putting the most renowned behavior change theories head-to-head to determine which ones are a must for a culture of security.

Why do people ignore security guidance? How can we drive behavior change without resistance? Is trust more powerful than fear in influencing decisions?

To answer these questions, we’ll pit heavyweight behavior change strategies against each other, including:

- Daniel Kahneman’s "Thinking Fast and Slow" – Cognitive biases and decision-making in security.

- Amy C. Edmondson’s "The Fearless Organization" – Psychological safety as a security enabler.

- Dan & Chip Heath’s "Switch" – Overcoming the rational vs. emotional struggle in security behaviors.

- Robert Cialdini’s "Influence" – Leveraging authority, social proof, and persuasion to drive security action.

- Ian Ayres’ "Carrot and Stick" – Incentives and deterrence in cybersecurity.

- Paul Marciano’s "Carrots and Sticks Don’t Work" – Why intrinsic motivation beats external rewards.

- Richard Thaler’s "Nudge" – Subtle interventions that guide secure decision-making.

Through fast-paced debates and audience voting, we’ll analyze each model’s real-world application in cybersecurity. Expect bold takes, unconventional insights, and a battle for the title of "Heavyweight Champion of Change."

Attendees will leave with a playbook of proven psychological strategies to apply to their organization’s culture in driving trust, partnership, and community between stakeholders and security practitioners.

SANS Security Awareness Summit 2025